It's obvious how to search fixed data formats when I'm monitoring for content going in and out of my network, but how do I track for things that are more random in nature such as intellectual property?
The best solution for protecting critical digital assets needs to have flexibility and extensibility built into its filtering and monitoring capabilities in order to address the broad types of content at risk today. Securing known, fixed data - such as social security numbers, credit card information, and sensitive health information - is a baseline requirement for any information monitoring and protection system.
However, protecting your organization's intellectual property (IP), the bread and butter of every business, is crucial. For example, high-tech companies must protect source code and engineering design documents. Bio-tech and pharmaceutical companies must protect drug recipes and top secret research. And financial services firms must safeguard confidential business processes or financial models.
Before a threat becomes a real incident, the best solution needs to secure sensitive data at rest. The solution must also protect sensitive information and IP during transmission (data in motion), when the risk of misuse or abuse is highest. And finally, the solution should help IT identify and address unforeseen threats after they occur, and then feed that updated information back into the process to make the "before" and "during" protection even more effective.
The best security solution needs to discover information assets at rest in all of their various forms inside your organization's file servers or data repositories. Real-time monitoring of network traffic should also detect protected documents and sensitive records before they leave your network. Inspection carried out across all ports and protocols ensures that every possible inbound and outbound channel is monitored, not just a single channel, such as email or instant messaging. Enforcement via blocking or alerting appropriate managers or other stakeholders is also critical.
Although keyword or regular expression-based filtering typically satisfies searches for exact matches to words or number and letter strings, there is a high likelihood of false positives with these techniques. Searches that also consider the context of communication traveling the network achieve the highest catch rates. For example, grammatical or statistical elements of content, used to provide further context, can distinguish English-language person-to-person communication from software source code, and can detect images or the presence of encryption.
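The statistical distinction described above can be sketched in a few lines. This is an added example, not code from the original article or from any product: the function names, word list, punctuation set, thresholds and sample payloads are all constructed assumptions chosen for illustration.

```python
import hashlib
import math
import re
from collections import Counter

# Constructed heuristics (assumptions): common English function words and
# punctuation that is frequent in source code but rare in person-to-person text.
STOPWORDS = {"the", "and", "to", "of", "in", "for", "on", "we", "it",
             "is", "a", "that", "will", "at"}
CODE_PUNCT = set(b"{}();=<>[]_*&|#")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8 indicate encrypted or compressed data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(data: bytes) -> str:
    """Label a payload using byte entropy, stopword ratio and code punctuation."""
    if not data:
        return "unknown"
    if shannon_entropy(data) > 7.0:
        # Entropy alone cannot tell encryption from compression; flag for review.
        return "encrypted-or-compressed"
    words = re.findall(r"[a-z]+", data.decode("ascii", "replace").lower())
    stop_ratio = sum(w in STOPWORDS for w in words) / max(len(words), 1)
    punct_ratio = sum(b in CODE_PUNCT for b in data) / len(data)
    if punct_ratio > 0.05 and stop_ratio < 0.2:
        return "source-code"
    if stop_ratio >= 0.2:
        return "natural-language"
    return "unknown"

# Constructed sample payloads (not real traffic).
EMAIL = (b"Hi Dana, thanks for the update on the schedule. I will send the "
         b"revised plan to the team in the morning, and we can talk about it "
         b"at the meeting.")
SOURCE = (b"static int checksum(const uint8_t *buf, size_t len) {\n"
          b"    int sum = 0;\n"
          b"    for (size_t i = 0; i < len; i++) { sum += buf[i] & 0xff; }\n"
          b"    return sum;\n"
          b"}\n")
# Deterministic pseudo-random bytes standing in for an encrypted attachment.
CIPHERTEXT_LIKE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                           for i in range(128))

if __name__ == "__main__":
    for name, sample in [("email", EMAIL), ("source", SOURCE),
                         ("ciphertext-like", CIPHERTEXT_LIKE)]:
        print(f"{name:16} entropy={shannon_entropy(sample):.2f} -> {classify(sample)}")
```

Short payloads cap the measurable entropy at log2 of their length, so the entropy test is only meaningful on samples of a few hundred bytes or more.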